信息来源:红狼安全小组()
文章作者:qaz0987
O-blog2.0.3的编辑器存在一个文件浏览漏洞,存在漏洞文件在于whizzylink.php和whizzypic.php,不过前一个可以浏览任意文件和目录,后一个只能浏览目录和图片,并能查看图片.
例:=.
$docpath=$_REQUEST['d'];
$extensions=$_REQUEST['x']?'/('.$_REQUEST['x'].')$/i':'/\.(html|pdf|txt)$/i';
$d=$_SERVER['DOCUMENT_ROOT'].'/'.$docpath;
$d=str_replace('//','/',$d);
$dir=opendir($d);
while($file=readdir($dir)){
$files[]=$file;
}
closedir($dir);
usort($files,"insensitive");//seefunctioninsensitive($a,$b)
foreach($filesas$filename){
$filepath="$d/$filename";
$fsize=sprintf("%u",filesize($filepath));//filesizesover2Mbwon'tfitinanintsoweunsignit
$modtime=date("dFYH:i:s",filemtime($filepath));//mtimeisunixtimestamp
$tip="Size:$fsize<br>Updated:$modtime";
if(is_dir($filepath)&&$docpath){//it'sadirectory
if($filename=='.'){//currentdirectory
$dlist.="<imgsrc='/btn/dir.png'>$docpath";
}elseif($filename=='..'){//parentdirectory
if($docpath){//we'reinasubdirectory-noUpfromroot
$updir=substr($docpath,0,strrpos($docpath,'/'));
$dlist.="<imgsrc='/btn/back.png'><ahref='$self?d=$updir'>Up</a>/<br>";
}
}else{
$docpath=str_replace($_SERVER['DOCUMENT_ROOT'],"",$d);
$dlist.="<divstyle='float:left;width:20em'><imgsrc='/btn/dir.png'><ahref='$self?d=$docpath/$filename'>$filename</a></div>";
}
}elseif(preg_match($extensions,$filename)){
$flist.="<divstyle='float:left;width:20em'><ahref='#'onclick='WantThis(\"$docpath/$filename\")'>$filename</a></div>";
当前位置:
